From 9b9f367e936961b94cc3b8b490271bc9731529b5 Mon Sep 17 00:00:00 2001 From: Stephen Shkardoon Date: Sun, 24 Mar 2013 01:05:33 +1300 Subject: [PATCH] BUG Database config values aren't escaped Causes minor UI issues if you try use database configuration values that happen to have " or other values in them. --- dev/install/config-form.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/install/config-form.html b/dev/install/config-form.html index 2b008df00..dd36e1543 100644 --- a/dev/install/config-form.html +++ b/dev/install/config-form.html @@ -157,7 +157,7 @@ $attrs['class'] .= ' configured-by-env'; } $attrHTML = ''; - foreach($attrs as $attrName => $attrValue) $attrHTML .= "$attrName=\"$attrValue\" "; + foreach($attrs as $attrName => $attrValue) $attrHTML .= "$attrName=\"" . htmlspecialchars($attrValue) . '"'; if(isset($fieldSpec['attributes'])) $attrs = array_merge($attrs, $fieldSpec['attributes']); // html
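Review bot: The rewritten `foreach` line drops the trailing space that separated attributes (the old string ended in `\" "`, the new one ends in `'"'`), so with more than one entry in `$attrs` the output runs together as `name="a"value="b"`. I would restore the separator and make the escaping explicit instead of relying on `htmlspecialchars` defaults, which differ between PHP versions: `$attrHTML .= $attrName . '="' . htmlspecialchars($attrValue, ENT_QUOTES, 'UTF-8') . '" ';` (assuming the installer page is served as UTF-8). `$attrName` is still written out raw, which is safe only if the keys of `$attrs` are always defined in code; the hunk does not show that. Because these values are database settings echoed back into markup, this is attribute-context output encoding, not just a cosmetic fix, and a short comment saying so would help later readers. The enclosing function starts and ends outside the hunk.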